Request and Response

Common types

All dates are expressed as UNIX timestamps, with the exception of timetable times, which are shown in H:MM format (e.g. 4:32, 15:12. 24:06).

Latitude and longitude will be expressed as floats, with the precision on both the request and response up to six decimal places.

CORS (Cross-domain resource sharing)

The TFE Open Data API supports CORS for communicating from Javascript. Please note that your API token is still considered sensitive and it is your responsibility to protect it.

var xhr = new XMLHttpRequest();
xhr.setRequestHeader("Authorization", "Token YOUR_SERVER_TOKEN");'GET', '');

HTTP Status Codes

Status codeDescription
200OK. Everything worked as expected.
400Malformed request.
401Unauthorized the request requires user authentication (not logged in).
403Forbidden. Also used for unauthorized requests or permissions issues.
404Not found.
406Unacceptable content type. Client sent an accepts header for a content type which does not exist on the server. Body includes a list of acceptable content types, such as “Unacceptable content type. Request resource as: application/json
422Invalid request. The request body is parse-able however with invalid content.
429Too Many Requests. Rate limited.
500Internal Server Error.


Error responses will have a consistently formed JSON body. The keys may include:

messageHuman readable message which corresponds to the client error.
codeOne-word error code
fields (optional)A hash of field names that have validations. This has a value of an array with member strings that describe the specific validation error.
  "message": "Invalid stop ID",
  "code": "invalid",
  "fields": {
    "stop_id": ["Required"]